Session/Cookie problem?

2023-09-02 01:01:34 Author: 很傻很固执

I am having a bit of difficulty with form tokens. I have a global file that I require at the top of all of the controllers.

/*
 *----------------------------------------------
 *  VERIFY FORM TOKENS
 *----------------------------------------------
 */    
if ($_POST) {
    // Define and Sanitize
    $formToken           = $sanitize->input($utilities->getVar('formToken', 'session'));
    $authenticityToken   = $sanitize->input($utilities->getVar('authenticityToken'));

    // Validate
    if ($authenticityToken !== $formToken) {   
        $errors[] = 'There was a token mismatch error submitting your form. Please try again.';     
    }
}  

// Generate Form Token
$formToken =  $forms->token();
$_SESSION['formToken'] = $formToken;

When echoing the vars out right after being declared, they match. But when I check the DB (I save sessions to the DB), every DB refresh displays a new formtoken that was saved. I only call the $forms->token(); class once. This is what it looks like:

class Forms {
    public function __construct() {}

    function token() {
        $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
        $token      = '';

        // Build a 60-character string of randomly chosen alphanumerics
        for ($i = 0; $i < 60; $i++) {
            $token .= $characters[ rand( 0, strlen( $characters ) - 1 ) ];
        }

        // Shuffle the string and keep the first 32 characters as the token
        $hash       = substr(str_shuffle($token), 0, 32);

        return $hash;
    }
}

I have been working on this issue for a while now, and I am confused as to why this occurs. I am also using mod_rewrite in my .htaccess file. I read that rewrites affect sessions, but all other session data is OK (session login data etc.); it is just these tokens that are giving me a hard time.

Recommended answer

I think you need to wrap an else around where you generate the token. As you have it, it looks like you get the token, then create a new one each time.

if ($_POST) 
{
    // Define and Sanitize
    $formToken           = $sanitize->input($utilities->getVar('formToken', 'session'));
    $authenticityToken   = $sanitize->input($utilities->getVar('authenticityToken'));

    // Validate
    if ($authenticityToken !== $formToken)
    {   
        $errors[] = 'There was a token mismatch error submitting your form. Please try again.';     
        // UPDATE: MAYBE PUT IT HERE TOO:
        $formToken =  $forms->token();
        $_SESSION['formToken'] = $formToken;
    }
}  
else
{
   //----putting in an else so this is not done again on POST--------
   // Generate Form Token
   $formToken =  $forms->token();
   $_SESSION['formToken'] = $formToken;
}
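
An added example, not part of the original question or answer: a session-backed form token that is created only when the session has none, so requests arriving between rendering the form and its POST cannot overwrite it, and that is compared in constant time and rotated after a successful check. The function names `csrfToken` and `csrfVerify` are hypothetical, a plain array stands in for `$_SESSION` so the script runs from the CLI, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Return the session's form token, creating one only if none exists yet.
// Any further request in the same session reuses the stored value.
function csrfToken(array &$session): string
{
    if (empty($session['formToken'])) {
        // random_bytes() draws from the OS CSPRNG, unlike rand()/str_shuffle().
        $session['formToken'] = bin2hex(random_bytes(32));
    }
    return $session['formToken'];
}

// Check a submitted token against the stored one in constant time.
// On success the stored token is discarded so the next form gets a new one;
// on failure it is kept, so a legitimate retry of the same form still works.
function csrfVerify(array &$session, mixed $submitted): bool
{
    $stored = $session['formToken'] ?? '';
    if (!is_string($submitted) || $stored === '' || !hash_equals($stored, $submitted)) {
        return false;
    }
    unset($session['formToken']);
    return true;
}

// Constructed demo: $session is a stand-in for $_SESSION.
$session  = [];
$rendered = csrfToken($session);              // GET: token embedded in the form
$again    = csrfToken($session);              // another request before the POST
var_dump($rendered === $again);               // is the token stable across requests?
var_dump(csrfVerify($session, 'forged'));     // submission with a wrong token
var_dump(csrfVerify($session, $rendered));    // submission with the real token
var_dump(csrfVerify($session, $rendered));    // replay of the already used token
var_dump(csrfToken($session) !== $rendered);  // does the next form get a new token?
```

In a controller, `csrfVerify($_SESSION, $_POST['authenticityToken'] ?? null)` would run at the top of POST handling and `csrfToken($_SESSION)` wherever the form is rendered.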